Sr. DevSecOps Engineer | 13 years in IT | Biochemistry degree I've never used for biochemistry
I walk into environments with no documentation, no CI/CD, and no observability, and I leave behind infrastructure that actually works. Federal/DoD compliance, Iron Bank containers, Platform One deployments, and the less glamorous stuff: migrating legacy systems between clouds without losing data and untangling years of manual deployment processes.
Hands-on labs and templates for secure, production-grade infrastructure.
- Container Hardening Lab - CIS/Iron Bank-aligned container hardening: non-root builds, OPA/Kyverno policy enforcement, Cosign signing, SBOM generation, and Falco runtime detection
- IaC Security Lab - Six hardened Terraform modules (S3, IAM, VPC, CloudTrail, RDS, EKS) with CIS AWS Foundations Benchmark mappings; tfsec, Trivy, and OPA/Rego enforcement with an examples/insecurefailure demo that validates the pipeline itself. No cloud credentials required
- K8s Bootstrap Lab - Production-grade Kubernetes platform bootstrap: GitOps, observability, and runtime security from Kind to EKS
- MLOps Pipeline Lab - Production-grade MLOps deployment pipeline: container hardening, CI/CD, GitOps, observability, and Kyverno policy enforcement around a HuggingFace model
- Go Deploy Lab - Go application through the full deployment lifecycle: multi-stage distroless builds, Kubernetes manifests, rolling updates, Kyverno policies, Prometheus metrics, Grafana dashboards, CI with Trivy + SBOM
- SRE Observability Lab - SLO-based alerting, error budget burn-rate math, chaos engineering with documented outcomes, runbooks linked from alerts, request ID correlation across services, promtool-tested alert rules
```
IaC Security Lab                  Container Hardening Lab
Terraform policies                Dockerfile policies, Cosign signing,
CIS AWS Benchmark                 SBOM generation, Falco runtime
        │                                   │
        ▼                                   ▼
K8s Bootstrap Lab ─────────────── MLOps Pipeline Lab
Kind / EKS platform               HuggingFace model serving
GitOps, observability,            CI/CD, GitOps, Kyverno
runtime security                  policy enforcement
        ▲
        │
Go Deploy Lab ──────────────────► SRE Observability Lab
Go app, deployment lifecycle      SLOs, burn-rate alerts,
distroless, Kyverno, CI           chaos engineering, runbooks
```
The labs are designed to be read together. IaC Security hardens the infrastructure layer. Container Hardening secures the runtime. K8s Bootstrap provisions the platform. MLOps Pipeline deploys a real workload on top of it. Go Deploy Lab takes a Go application through the full deployment lifecycle. SRE Observability Lab builds on those patterns to demonstrate actually operating services: SLO definitions, multi-window burn-rate alerting, chaos scenarios, and runbooks.
- Agentic Platform Lab - An on-call first-responder agent workload running on tenant-controlled, security-hardened Kubernetes. Charter, workload spec, and Phase 1 runtime evaluation are in; the platform build is next. Treats "safe by default" as a first-class scoring axis, not a footnote.
- r055le.github.io - Blog. DevSecOps, SRE, and career-adjacent posts about the invisible work that keeps production running. Hugo + hugo-clarity, deployed from this repo
- Horror Battler - Dark auto-battler in Godot: 10-round loop with a tiered shop, merge upgrades, and ability synergies. Cursed creatures, grotesque synergies, watch them murder each other
- Harbor Lights - Cozy-cosmic-horror signal-station prototype; Vite/React creative exploration
- Cosmic Horror Atlas - Curated craft-analysis corpus for cosmic horror; atomic concepts, author indexes, and transferable craft moves. Reference for readers, retrievable knowledge base for downstream creative work
Kubernetes Terraform Docker Helm ArgoCD Ansible GitLab CI/CD GitHub Actions HashiCorp Vault Grafana Prometheus Loki Alertmanager AWS Azure GCP Go Python Bash


